Same here.... Just wanted to say thanks for posting this, it confirmed my suspicions. Removed toad from several machines here too. Guess I should be more careful in setting these malware definitions to autofix, though they should already be tested in my opinion to weed out most problems.

This is a "catch-all" sort of definition. It is intended to analyze the file, its behaviors or other characteristics to determine if it is malicious. The primary purpose is to catch spyware early that doesn't yet have a specific definition. Because of this nature, it is usually where we occasionally see "false-positives" as you are describing here.

The recommendation for this definition is to not set it to Autofix. That way it can scan and notify you of potential concerns, but not act on them. You can review the report of detected files and take (or not take) appropriate action.